Note that I’ve removed the comments and the code at the end that displays the result.

Now remember what this script does:

It connects to the root\cimv2 namespace on the local computer.

It uses a SELECT statement to return a collection of network adapter configurations that have TCP/IP bound and enabled.

It changes the IP address on the adapter to the value specified as a command line parameter.

So let’s say we save this script in the folder C:\localtest on a Windows XP machine that has static IP address of 172.16.11.43. Then we open a command prompt running with administrator credentials on the machine and we use this script to change the machine’s IP address to 172.16.11.54:

Gotcha #1: Remember, to change the IP address on a Windows XP machine requires local administrator credentials. So if you are currently logged on to the machine as a domain user (as I was) you need to open a command prompt and type runas /user:administrator cmd.exe to open a second command prompt running in the context of local admin credentials, and then run the script from this second command prompt.

But what if we want to run this script on one machine (say xp2.contoso.com) and use it to change the IP address of a different machine (say xp.contoso.com)? In other words, we want to run the script remotely against a remote Windows XP computer. How can we do this?

First Attempt

Let’s start by logging on to our administrator workstation xp.contoso.com using the domain admin credentials of Mary Jones our administrator. We’ll need to do this since domain admins have local admin privileges on all machines in the domain, so when we run our script from our admin workstation against the remote machine, it should work, right?

So let’s say our script ChangeIPAddress.vbs is in the folder C:\tools on our admin workstation xp.contoso.com. Let’s open a command prompt on this machine and type the following:

Note that it takes a while before the above error message is finally returned. But did the operation work? Well, if I log onto the remote machine xp2.contoso.com, open a command prompt and type ipconfig, here’s what I get:

So it looks like the script can’t connect to the WMI service on the remote machine. What could be causing this?

Second Attempt

Maybe it has something to do with Windows Firewall on the remote machine.

Remember, Windows XP SP2 has a firewall that blocks most incoming traffic except for traffic that has an exception configured for it. The simplest way to test this is to disable Windows Firewall on the target computer. Let’s do this by logging on to xp2.contoso.com as administrator, opening the Windows Firewall applet from Control Panel, and selecting the Off setting on the General tab.

So it looks like the script worked! We’re getting there! But this leaves us with two puzzles:

We don’t want to have to disable Windows Firewall on remote machines in order to run scripts against them. So is there an exception we can open on these machines to enable remote scripts to run against them while Windows Firewall is running?

What about the RPC error above? The script worked but it still returned an error. Why?

Exception for Remote Scripting

Let’s enable Windows Firewall on the remote machine again. This will block our script from running against it. Now from an admin-level command prompt on the remote machine, type gpedit.msc to open Local Group Policy on the machine, then navigate to the following policy setting (see Figure 1):

Double-click on this policy setting and enable it for the local subnet (Figure 2). We’ll do this since we know that our admin workstation is on the same subnet as the target computer.

Figure 2: Enabling the remote administration exception

Gotcha #2: Of course, you may want to do this differently and configure this policy setting in a domain Group Policy Object (GPO) instead of locally. That way you don’t have to touch the remote machine to enable this exception in its firewall!

Now let’s run the script again from the admin workstation and try to change the remote machine’s IP address from 172.16.11.65 to 172.16.11.66:

It worked! So by leaving Windows Firewall enabled on the remote machine but using Group Policy to open an except for remote administration in the firewall, we can remotely change the machine’s IP address by running a script from an admin workstation.

So we’ve solved the first puzzle, but what about the second?

Well, I like mysteries, so let’s leave that one until the next article in this series.

If you would like to read the other parts in this article series please go to:

Featured Links

Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows Server and cloud technologies who has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press. He is a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management.

Featured Freeware

Recommended

Follow Us

TECHGENIX

TechGenix reaches millions of IT Professionals every month, and has set the standard for providing free technical content through its growing family of websites, empowering them with the answers and tools that are needed to set up, configure, maintain and enhance their networks.